SUSE-SU-2026:0345-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20260345-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0345-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:0345-1
- Upstream
- Related
- Published
- 2026-01-30T07:18:43Z
- Modified
- 2026-01-31T20:45:02.432885Z
- Summary
- Security update for freerdp
- Details
-
This update for freerdp fixes the following issues:
- CVE-2025-4478: Fixed initialization of function pointers after resource allocations (bsc#1243109)
- CVE-2026-22851: Fixed RDPGFX ResetGraphics race leading to use-after-free in SDL client (sdl->primary) (bsc#1256717)
- CVE-2026-22852: Fixed heap-buffer-overflow in audinprocessformats (bsc#1256718)
- CVE-2026-22853: Fixed heap-buffer-overflow in ndrreaduint8Array (bsc#1256719)
- CVE-2026-22854: Fixed heap-buffer-overflow in driveprocessirp_read (bsc#1256720)
- CVE-2026-22855: Fixed heap-buffer-overflow in smartcardunpacksetattribcall (bsc#1256721)
- CVE-2026-22856: Fixed heap-use-after-free in createirpthread (bsc#1256722)
- CVE-2026-22857: Fixed heap-use-after-free in irpthreadfunc (bsc#1256723)
- CVE-2026-22858: Fixed global-buffer-overflow in cryptobase64devoce (bsc#1256724)
- CVE-2026-22859: Fixed heap-buffer-overflow in urbselectconfiguration (bsc#1256725)
- CVE-2026-23530: Fixed improper validation leading to heap buffer overflow
in
planar_decompress_plane_rle(bsc#1256940) - CVE-2026-23531: Fixed improper validation in
clear_decompressleading to heap buffer overflow (bsc#1256941) - CVE-2026-23532: Fixed mismatch between destination rectangle clamping and
the actual copy size leading to heap buffer overflow in
gdi_SurfaceToSurface(bsc#1256942) - CVE-2026-23533: Fixed improper validation leading to heap buffer overflow in
clear_decompress_residual_data(bsc#1256943) - CVE-2026-23534: Fixed missing checks leading to heap buffer overflow in
clear_deceompress_bands_data(bsc#1256944) - CVE-2026-23732: Fixed improper validation leading to heap buffer overflow in
Glyph_alloc(bsc#1256945) - CVE-2026-23883: Fixed use-after-free when
update_pointer_colorandfreerdp_image_copy_fromPointer_datafail (bsc#1256946) - CVE-2026-23884: Fixed use-after-free in
gdi_set_bounds(bsc#1256947)
- References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-20260345-1/
- https://bugzilla.suse.com/1243109
- https://bugzilla.suse.com/1256717
- https://bugzilla.suse.com/1256718
- https://bugzilla.suse.com/1256719
- https://bugzilla.suse.com/1256720
- https://bugzilla.suse.com/1256721
- https://bugzilla.suse.com/1256722
- https://bugzilla.suse.com/1256723
- https://bugzilla.suse.com/1256724
- https://bugzilla.suse.com/1256725
- https://bugzilla.suse.com/1256940
- https://bugzilla.suse.com/1256941
- https://bugzilla.suse.com/1256942
- https://bugzilla.suse.com/1256943
- https://bugzilla.suse.com/1256944
- https://bugzilla.suse.com/1256945
- https://bugzilla.suse.com/1256946
- https://bugzilla.suse.com/1256947
- https://www.suse.com/security/cve/CVE-2025-4478
- https://www.suse.com/security/cve/CVE-2026-22851
- https://www.suse.com/security/cve/CVE-2026-22852
- https://www.suse.com/security/cve/CVE-2026-22853
- https://www.suse.com/security/cve/CVE-2026-22854
- https://www.suse.com/security/cve/CVE-2026-22855
- https://www.suse.com/security/cve/CVE-2026-22856
- https://www.suse.com/security/cve/CVE-2026-22857
- https://www.suse.com/security/cve/CVE-2026-22858
- https://www.suse.com/security/cve/CVE-2026-22859
- https://www.suse.com/security/cve/CVE-2026-23530
- https://www.suse.com/security/cve/CVE-2026-23531
- https://www.suse.com/security/cve/CVE-2026-23532
- https://www.suse.com/security/cve/CVE-2026-23533
- https://www.suse.com/security/cve/CVE-2026-23534
- https://www.suse.com/security/cve/CVE-2026-23732
- https://www.suse.com/security/cve/CVE-2026-23883
- https://www.suse.com/security/cve/CVE-2026-23884
Affected packages
SUSE:Linux Enterprise Module for Package Hub 15 SP7
freerdp
Package
- Name
- freerdp
- Purl
- pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.10.3-150700.3.3.1
SUSE:Linux Enterprise Workstation Extension 15 SP7
freerdp
Package
- Name
- freerdp
- Purl
- pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.10.3-150700.3.3.1
Ecosystem specific
{
"binaries": [
{
"freerdp-proxy-plugins": "3.10.3-150700.3.3.1",
"libwinpr3-3": "3.10.3-150700.3.3.1",
"librdtk0-0": "3.10.3-150700.3.3.1",
"freerdp-server": "3.10.3-150700.3.3.1",
"winpr-devel": "3.10.3-150700.3.3.1",
"libfreerdp3-3": "3.10.3-150700.3.3.1",
"freerdp": "3.10.3-150700.3.3.1",
"libfreerdp-server-proxy3-3": "3.10.3-150700.3.3.1",
"freerdp-devel": "3.10.3-150700.3.3.1",
"freerdp-sdl": "3.10.3-150700.3.3.1",
"freerdp-proxy": "3.10.3-150700.3.3.1"
}
]
}